Vulnerability Description
MiniDVBLinux 5.4 contains an authentication bypass vulnerability that allows remote attackers to change the root password without authentication. Attackers can send crafted POST requests to the system setup endpoint with modified SYSTEM_PASSWORD parameters to reset root credentials.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Minidvblinux | Minidvblinux | <= 5.4 |
Related Weaknesses (CWE)
References
- https://www.exploit-db.com/exploits/51094 (Exploit, Third Party Advisory, VDB Entry)
- https://www.minidvblinux.de (Product)
- https://www.vulncheck.com/advisories/minidvblinux-unauthenticated-root-password- (Third Party Advisory)
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5715.php (Exploit, Third Party Advisory)
FAQ
What is CVE-2023-53771?
CVE-2023-53771 is a vulnerability with a CVSS score of 9.8 (CRITICAL). MiniDVBLinux 5.4 contains an authentication bypass vulnerability that allows remote attackers to change the root password without authentication. Attackers can send crafted POST requests to the system...
How severe is CVE-2023-53771?
CVE-2023-53771 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-53771?
Check the references section above for vendor advisories and patch information. Affected products include: Minidvblinux Minidvblinux.